
[Linux-aus] Re: [Talk] Media Release: OPEN SOURCE USERS UNAFFECTED BY SASSER WORM - THE INTERNET KEEPS GOING DESPITE FLAWED PROPRIETARY SOFTWARE



On Monday, 10 May 2004 at 14:44:38 +1000, David Purdue wrote:
> Just to play devil's advocate...
>
> Con Zymaris wrote:
>>
>> The first worm, by Robert Morris Junior, son of a senior NSA computer
>> security expert and Unix pioneer, occurred in 1988. Even though it was
>> not malicious and accidentally escaped from a lab, it brought the
>> Internet to its knees for a few days. It directly caused the creation of
>> a number of agencies, primarily CERT - Computer Emergency and Response
>> Team. What the Morris Worm did clearly demonstrate is that there are
>> substantial advantages for any organisation in using operating systems,
>> middleware and applications from more than one codebase. Organisations
>> who had a variety of platforms were able to keep part of their
>> computing infrastructure going.
>
> This release fails to mention that the Morris Worm propagated by
> exploiting weaknesses in Sendmail, an open source program.

Well, I don't know if "fails" is the correct word.  But it could have
made capital of the matter, something along the lines of:

- All software is vulnerable, even UNIX.
- It happened to UNIX first.
- We fixed it.  It doesn't happen any more.

> So it could also be said that what the Morris Worm did is clearly
> demonstrate that software being open source does not imply that it
> is immune to virus/worm attack.

Well, this was UNIX, not "Open Source" :-)

> If the real lesson is that I should source my applications from
> multiple code bases, what is the alternate codebase for something
> that does the same job as Apache?

I don't personally think this is the lesson that people should learn.

Greg
--
Note: I discard all HTML mail unseen.
Finger Greg.Lehey@auug.org.au for PGP public key.
See complete headers for address and phone numbers.
